HTTP security headers check; generate CSP or HSTS snippets.
Options
| Option |
Type |
Default |
Required |
Description |
domains |
text |
— |
no |
One or more domains; omit to use config manifest targets. |
--config |
file |
— |
no |
YAML path (overrides global --config for this command). |
--require |
text |
— |
no |
Comma-separated required header tokens (HSTS, CSP, etc.). |
--urls |
text |
— |
no |
Comma-separated URLs to GET (when empty, https://domain and www). |
--strict-recommendations / --no-strict-recommendations |
bool |
— |
no |
Recommend strictest best practice. |
Subcommands
| Command |
Description |
generate |
Generate CSP or HSTS header line. |